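With CP-ABE (Ciphertext-Policy Attribute-Based Encryption), a message is encrypted under an access policy, and each user's decryption key is generated from that user's set of attributes. Decryption succeeds only when the attributes satisfy the policy.
CP-ABE in Go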
Background
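```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"

	"github.com/fentec-project/gofe/abe"
)

// toArray parses a space-separated attribute list such as "0 1 3 5".
// A token that is not an integer is rejected: silently mapping it to 0
// would hand the user attribute 0.
func toArray(s string) ([]int, error) {
	strs := strings.Fields(s)
	a := make([]int, len(strs))
	for i := range a {
		n, err := strconv.Atoi(strs[i])
		if err != nil {
			return nil, err
		}
		a[i] = n
	}
	return a, nil
}

// check stops the program when a setup step fails.
func check(err error, what string) {
	if err != nil {
		fmt.Printf("Error in %s\n", what)
		os.Exit(1)
	}
}

func main() {
	msg := "My secret code"
	policy := "((0 AND 1) OR (2 AND 3)) AND 5"
	attributes := "0 1 3 5"

	argCount := len(os.Args[1:])
	if argCount > 0 {
		msg = os.Args[1]
	}
	if argCount > 1 {
		policy = os.Args[2]
	}
	if argCount > 2 {
		attributes = os.Args[3]
	}

	// The attributes held by the user, e.g. []int{0, 1, 3, 5}
	userAttributes, err := toArray(attributes)
	check(err, "attributes")

	// Demo only: the master secret key is created in the same process.
	// In a deployment it stays with the key authority.
	a := abe.NewFAME()
	pubKey, secKey, err := a.GenerateMasterKeys()
	check(err, "master key generation")

	// Convert the boolean policy into a monotone span program (MSP)
	msp, err := abe.BooleanToMSP(policy, false)
	check(err, "policy")

	cipher, err := a.Encrypt(msg, msp, pubKey)
	check(err, "encryption")

	fmt.Printf("Message: %s\n", msg)
	fmt.Printf("Policy: %s\n", policy)
	fmt.Printf("Attributes: %d\n\n", userAttributes)

	// Generate decryption keys for an entity holding userAttributes
	userKeys, err := a.GenerateAttribKeys(userAttributes, secKey)
	check(err, "attribute key generation")

	demsg, err := a.Decrypt(cipher, userKeys, pubKey)
	if err != nil {
		fmt.Printf("You do not have rights!!!\n")
	} else {
		fmt.Printf("Decrypted Message: %s\n", demsg)
	}
}
```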
A sample run is:
```
Message: Danger, danger!!
Policy: ((0 AND 1) OR (2 AND 3)) AND 5
Attributes: [0 1 3 5]

Decrypted Message: Danger, danger!!
```
and for a failure:
```
Message: Danger, danger!!
Policy: ((0 AND 1) OR (2 AND 3)) AND 5
Attributes: [1 3 5]

You do not have rights!!!
```
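The outcome of both runs can be predicted without any cryptography by evaluating the policy against the attribute set. The following is an added example, not code from the original page or from the gofe project: `satisfies` is a hypothetical helper, and it assumes policies contain only integer attributes, `AND`, `OR` and parentheses, with `AND` binding tighter than `OR` when parentheses are omitted.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// satisfies: plaintext check (no crypto) of an attribute set against a policy string.
func satisfies(policy string, attrs []int) (bool, error) {
	toks := append(strings.Fields(strings.NewReplacer("(", " ( ", ")", " ) ").Replace(policy)), "")
	have := map[int]bool{}
	for _, a := range attrs {
		have[a] = true
	}
	prec := map[string]int{"OR": 1, "AND": 2} // assumption: AND binds tighter than OR
	pos, bad := 0, false
	eat := func() string { // take the current token; the trailing "" (end of input) is never passed
		t := toks[pos]
		if t != "" {
			pos++
		}
		return t
	}
	var parse func(lo int) bool
	parse = func(lo int) (v bool) { // precedence climbing: handle operators of level >= lo
		if t := eat(); t == "(" {
			v = parse(1)
			bad = eat() != ")" || bad
		} else if n, err := strconv.Atoi(t); err == nil {
			v = have[n]
		} else {
			bad = true // neither "(" nor an attribute number
		}
		for p := prec[toks[pos]]; p >= lo; p = prec[toks[pos]] {
			op, rhs := eat(), parse(p+1)
			v = (op == "AND" && v && rhs) || (op == "OR" && (v || rhs))
		}
		return v
	}
	if ok := parse(1); !bad && toks[pos] == "" {
		return ok, nil
	}
	return false, fmt.Errorf("malformed policy %q", policy)
}

func main() {
	fmt.Println(satisfies("((0 AND 1) OR (2 AND 3)) AND 5", []int{1, 3, 5}))
}
```

This is only a pre-check for debugging policies; access is enforced by the ciphertext itself, since keys for attributes that do not satisfy the policy cannot decrypt it.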